I got an email from my system administrator saying that I needed to reboot my system to apply some patches. I had forgotten about it and after a couple of hours I got another mail telling me that I was yet to reboot my system.

I have since rebooted my system but I'm surprised how they'd know if I had rebooted my machine or not. Can someone explain how this works?

The admin can set up a shell script to either make use of uptime or to use some other method, as detailed in this link. Another method the admin can utilise is to set up an email to be sent at system shutdown or restart; the details are available at this link.

Could this be done remotely if they didn't have access to log into my machine?
– nikhil, Jan 21 '13 at 7:39

1

An admin will most surely have access to your system, for administrative purposes. :)
– saji89, Jan 21 '13 at 7:55

4

Unlikely @saji89. An admin has better things to do than to check every system locally for uptime...
– Rinzwind, Jan 21 '13 at 8:09

2

@Rinzwind, I wasn't saying that he should be using it. I was just pointing out that he will have the access to the machine. In this particular case, the admin had reasons to check. :)
– saji89, Jan 21 '13 at 8:27

1

Ah ok. But I got better things to do than to check systems' uptime ;) @saji89
– Rinzwind, Jan 21 '13 at 8:29

@saji89 mentioned the uptime command. I'll go one step lower, and simply posit that the sysadmin has a script somewhere that connects to each computer and does a cat /proc/uptime (or something equivalent). The first field of the output is the time, in seconds, since the system was last rebooted, which is much easier to parse than the output of uptime. For example, my computer gives a first uptime field of 1441218.24 with uptime returning up 16 days, 16:20. 1441218 seconds is 16 days plus 58818 seconds, and 58818 seconds is 16 1/3 hours. 16 days 16 1/3 hours.

When you know the maximum length of time since the system should have been rebooted, this data makes it trivial to check to see if the system has been rebooted since then or not.

It could be done through a monitoring tool such as Nagios, or through a separate script that the sysadmin keeps on his computer (or rather accessible through it, I'd imagine) which connects to each computer in turn or in parallel and prints the time since last reboot in some format. That all depends on how elaborate to make it.
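The /proc/uptime check described in this answer, as an added example that is not part of the original post: it turns the first field into a boot time and compares it with a patch deadline. The function names, host names, epoch values and sample uptime lines are constructed for illustration; in practice the contents would be collected from each machine, for instance over ssh.

```shell
#!/bin/sh
# Added example (hypothetical names, constructed data): decide from the
# contents of /proc/uptime whether a host rebooted after a patch deadline.

# uptime_seconds "<contents of /proc/uptime>" -> whole seconds since boot
uptime_seconds() {
    first=${1%% *}                 # first field, e.g. 1441218.24
    printf '%s\n' "${first%%.*}"   # drop the fractional part
}

# format_uptime <seconds> -> "D days, H:MM", like the uptime command
format_uptime() {
    days=$(( $1 / 86400 ))
    rem=$(( $1 % 86400 ))
    printf '%d days, %d:%02d\n' "$days" $(( rem / 3600 )) $(( rem % 3600 / 60 ))
}

# reboot_status "<contents>" <now epoch> <deadline epoch>
# "rebooted" if the boot time is at or after the deadline, else "pending"
reboot_status() {
    up=$(uptime_seconds "$1")
    boot=$(( $2 - up ))            # epoch time of the last boot
    if [ "$boot" -ge "$3" ]; then echo rebooted; else echo pending; fi
}

# report <now epoch> <deadline epoch>: reads "host|contents" lines on stdin
report() {
    while IFS='|' read -r host contents; do
        printf '%s %s (up %s)\n' "$host" \
            "$(reboot_status "$contents" "$1" "$2")" \
            "$(format_uptime "$(uptime_seconds "$contents")")"
    done
}

# Constructed sample: "now" and a deadline two hours earlier.
NOW=1358755200
DEADLINE=$(( NOW - 7200 ))
sample_report() {
    report "$NOW" "$DEADLINE" <<EOF
ws-alpha|1441218.24 5617302.11
ws-beta|3605.87 2950.40
EOF
}
sample_report
```

The hosts reported as pending are the ones that would receive the reminder mail.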

When a package that requires a reboot has been updated via apt, a file called reboot-required is created in /var/run/. The sysadmin can check for the presence of this file remotely to determine if a reboot is required due to updates.

The OP was asked by the sysadmin to reboot the computer "to apply some patches". At least to me, this implies that the actual update happens through some mechanism during the boot process. (Maybe a boot script executing something along the lines of apt-get -y upgrade.) So there would be no reboot-required because from apt's perspective, a reboot isn't required yet.
– Michael Kjörling, Jan 22 '13 at 9:05

2

I doubt that this is the case, because the user would have to reboot twice if the updates require a reboot after installing, and if there are no updates that require a reboot, the sysadmin could just remotely run that same script and update in the background. Without knowing more, I'd guess that there was a kernel image upgrade (or something else requiring a reboot), and the user had to reboot to apply the new kernel. But this is just guesswork.
– onik, Jan 22 '13 at 9:32

If the admin is any good he probably set up the updates from HIS machine so the PCs do not have to download the same file from the web. If so he can see from his own machine who downloaded the patches.

He then only has to look at the IP addresses of those systems that did load the patches and send an email to those that did not. That email can even be an automatically generated mail. Imagine there are 500 machines. Manually checking each of them is a waste of time if there are several methods by which he can do it from his own machine.

1 very important reason for doing it this way: an admin needs to have control over what is happening on the systems he needs to maintain. So he should always have a single point of control (i.e. his own machine where he has all the tools) where he can see the status of any machine.

There are several valid methods described in the answers. Logging in and checking the uptime would be strange for a large company, but doable for a smaller one. The sysadmin could have been checking via SNMP, but the same "trouble" argument could be used there.

The most likely situations are, as far as I'm concerned:

The sysadmin runs some sort of checking-software, probably Nagios, that checks clusters of computers for problems. Something like the NRPE plugin will be used for most systems and can show you uptime (apart from disc, logged in users, etc).

A similar method can be used to check what is running where. If the to-be-updated-patches can be checked (what kernel are you using), the "are all users updated" script will still be pointing at your computer for being in a 'bad' state.

If the system is connected to a network he controls, the sysadmin can simply look at the switch or the dhcp server to see how long your network connection has been active. That will also tell him you have not rebooted.